Database Security Lecture
Database Security
Overview
• Definition
– Reasons for security
– Issues
• Types of security
– Effective security
– System Requirements
• Database Security
– Questions to ask when considering security
– Database-independent measures
– Database-dependent measures
– Security in SQL
Database Security
• Definition
– “Security protects data from intentional or accidental misuse or destruction, by controlling access to the data.”
• Stamper & Price
– “Database security is concerned with the ability of the system to enforce a security policy governing the disclosure, modification or destruction of information.”
• Pangalos
Reasons for Security
• Moral/Ethical
• Legal requirements
• Commercial security
• Fraud/Sabotage
• Mistakes
Moral/Ethical
There may be moral reasons for controlling who has access to information. For example, medical records are confidential because of people’s right to privacy.
Legal Requirements
The Data Protection Act requires companies to register personal data with the data protection registrar. The act imposes constraints on how information may be used and who may have access to it. Information about individuals must be correct, up-to-date and available for inspection by the individuals concerned.
Commercial Security
Information held by companies is a valuable resource which may be useful to competitors. For example, a list of customers who have bought insurance policies may be valuable to other insurance companies.
Fraud/Sabotage
Information may be misused, for example, insider dealing, or used to mislead.
Mistakes
Many problems are not malicious but are caused by users accidentally changing the data.
Issues
• Confidentiality
– information is only disclosed to authorized users
• Integrity
– information is only modified by authorized users
• Availability
– information is accessible by authorized users
Types of Security
• Authorization Policies
– Disclosure and modification of data
• Data Consistency Policies
– Consistency and correctness of data
Types of Security
• Availability Policies
– Availability of information to users
• Identification/Authentication/Audit Policies
– Authorizing users to access data
Effective Security - Assumptions
• Correct User Identification
– It should not be possible to fool the DBMS, e.g. usernames, passwords, etc.
• Unanticipated Observers
– It should not be possible to gain access to DBMS through components (disks, tapes, network, etc.), e.g. encryption
Effective Security - Assumptions
• User/Privilege information protected
– It should not be possible to access user information, e.g. passwords
System Requirements
• S/W and H/W around the database
– All aspects of the system must be considered
• Data Integrity
– All data must be correct and consistent
– User must trust database content
System Requirements
• Data Availability
– Fault tolerance, redundancy, etc.
• Auditing
– Useful but not excessive
Constraints
• Security constraints
– Authorization controls
– Stored in the data dictionary
– DBMS monitors constraints
• Integrity constraints
– Consistent controls
– Stored in the data dictionary
– DBMS monitors integrity
Security constraints in a database are concerned with controlling and authorizing access to the data. For example,
(a) Who may insert data into a table?
(b) Who may create a table?
Integrity constraints are concerned with maintaining the database in a consistent/correct state.
For example,
(a) Employees’ salaries may not increase by more than 5% per year,
(b) All employees must work on a project.
Security and integrity are related concepts. Both are:
(a) Stored in the data dictionary,
(b) Enforced by the DBMS.
• How valuable is the data?
• Which data must be secured?
• What will illegal access to the data cost?
• What are the implications of changed/destroyed data?
• Will security measures affect the proper functioning of the database?
• How can unauthorized access occur?
Security Questions
How valuable is the data?
Different types of data need different levels of security. Publicly available data, for example, stock prices, do not require the same level of security as private data, for example, employee salaries.
What will illegal access to the data cost?
If a piece of data has a high value, for example, information about the performance of a company, then illegal access may be very costly. The cost of ‘losing’ the data determines how much security is required.
What are implications of changed/destroyed data?
If losing a piece of data has disastrous consequences then the security must be higher. For example, if a sales person builds up a customer list over many years then losing the list to a competitor could be very costly.
Will security measures affect the proper functioning of the database?
If security stops legitimate individuals from accessing the data, then it may not be suitable.
Database-Independent Security Mechanisms
• Usernames and passwords
• Physically secure hardware
• Data encryption
• Hardware/User profiles
– e.g. login times, CPU usage
• Program security
• Audit Trails
Database-independent security mechanisms can be applied to any database system:
1. Operating systems use usernames and passwords to control access. A DBMS also uses usernames and passwords to restrict access to the data. This is an unreliable method of controlling systems.
2. Hardware can be physically secured (to avoid damage to the machine) by placing it in a secure room. A machine which is attached to a network may be insecure because access can be gained across the network.
3. Data encryption is often used when information is transmitted across a network. A DBMS can also encode the data so that it is unreadable without accessing it through a query language. This stops users accessing the data by reading the data files and, therefore, by-passing the DBMS security measures.
4. Profiles describe different categories of user who have the same privileges. For example, all project leaders may have access to project data during working hours.
5. In a client/server environment it is not sufficient to secure the client without securing the database. The clients can provide a first level of security but should not be the only means of securing the system.
6. Audit trails provide a complete history of all interactions with the database including who accessed the system, what was accessed, when it was accessed, etc.
Database-Dependent Security Mechanisms
• Controlling access
– Users and roles
• Username/password
• Groups
– Schemas
• Set of tables, etc. owned by a user
• Controlling behavior
– Privileges
• Rights to access the DBMS
• Controlling integrity
– Integrity constraints
Database-dependent security mechanisms are the security features provided by specific database management systems. There are three parts to database-specific security measures:
1. Controlling access to the database
• Most database systems provide a method of setting up users. By allocating to each person who accesses the system a username the database administrator can monitor who is accessing the system.
• Schemas are sets of tables which belong to particular users. Each user can only see their own schema, or set of tables. A user may give permission to another user to view or change their schema.
2. Controlling behavior while connected to the database
• The behavior of each user who is connected to the database can be controlled by allocating or removing the privileges owned by a user.
3. Controlling integrity of data in the database
• Integrity constraints impose limits on the type of data which may be entered into the DBMS. For example, by declaring a primary key a user requires that a set of data has a unique identifier.
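The integrity constraints named in this lecture (a primary key as unique identifier, "all employees must work on a project", and "salaries may not increase by more than 5% per year") written as declarative constraints. This is an added example in Oracle syntax, not part of the original slides; every table, column and constraint name is hypothetical, and the yearly baseline column is an assumed design.

```sql
-- Added example (Oracle syntax). All names are hypothetical.
CREATE TABLE project (
  project_id NUMBER        PRIMARY KEY,
  title      VARCHAR2(60)  NOT NULL
);

CREATE TABLE employee (
  emp_id            NUMBER        PRIMARY KEY,  -- unique identifier for each row
  name              VARCHAR2(60)  NOT NULL,
  salary            NUMBER(10,2)  NOT NULL,
  -- Assumption: a yearly payroll job copies salary into this baseline column.
  year_start_salary NUMBER(10,2)  NOT NULL,
  -- "All employees must work on a project": mandatory, and must name a real project.
  project_id        NUMBER        NOT NULL REFERENCES project (project_id),
  CONSTRAINT employee_salary_positive
    CHECK (salary > 0 AND year_start_salary > 0),
  -- "Salaries may not increase by more than 5% per year", measured against the baseline.
  CONSTRAINT employee_raise_limit
    CHECK (salary <= year_start_salary * 1.05)
);

-- Constructed sample data.
INSERT INTO project  VALUES (1, 'Payroll migration');
INSERT INTO employee VALUES (100, 'A. Example', 40000, 40000, 1);

-- Accepted: 41500 is 3.75% above the 40000 baseline.
UPDATE employee SET salary = 41500 WHERE emp_id = 100;

-- Rejected by employee_raise_limit: 43000 is 7.5% above the baseline.
UPDATE employee SET salary = 43000 WHERE emp_id = 100;

-- Rejected by NOT NULL: an employee without a project.
INSERT INTO employee VALUES (101, 'B. Example', 30000, 30000, NULL);

-- Rejected by the primary key: emp_id 100 already exists.
INSERT INTO employee VALUES (100, 'C. Example', 30000, 30000, 1);

-- The constraints are stored in the data dictionary and enforced by the DBMS.
SELECT constraint_name, constraint_type, search_condition
FROM   user_constraints
WHERE  table_name = 'EMPLOYEE';
```

The raise limit only holds if ordinary users cannot move the baseline, so they should receive a column-level privilege such as UPDATE (salary) rather than UPDATE on the whole table.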
Controlling Access
• Discretionary Access Control
– Users
• A name that can connect and access objects in the database
• Users log in using a name (and password)
Controlling Access
– Schema
• A collection of objects associated with a user
– e.g. tables, views, indexes, procedures, etc.
• Access to a schema is granted at the discretion of the user
• Many databases, including Oracle, use discretionary access control to manage the security of the database. Users of the database can grant permission to use database objects to other users. Each user has the discretion to allow other users to use their data.
• The two main methods of implementing discretionary access control in the database are:
• Users
Users are names that the database recognizes as being allowed to access the database. A user logs into the database by giving the DBMS a valid username. Users are often required to also provide a password. Once the DBMS knows the name of the user it can then allow that user to access the data.
• Schema
The schema is a set of database objects that have been created in the database. Each user can have one or more schemas.
Controlling Behavior
• Privileges
– “the right to execute a particular SQL statement or to access another user’s object”
• Oracle Concepts Manual
• Types
– Connecting to the DBMS
– Creating objects
• Tables, views, etc.
– Accessing/changing data
– Executing procedures
• We can give users the right to access data in the database by allocating privileges to the user. There are many different types of privileges that can be given to a user. For example, most users must be given the privilege to connect to the database and to create tables in the database.
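The users, schemas and privileges described in the Controlling Access and Controlling Behavior slides, shown as one discretionary access control session. This is an added example in Oracle syntax, not part of the original slides; the users alice and bob, the role project_leader, the table project and the USERS tablespace are assumptions, and the passwords are placeholders.

```sql
-- Added example (Oracle syntax). All user, role and table names are hypothetical.

-- As the DBA: controlling access. Each person gets a named account.
-- Assumption: a tablespace called USERS exists for alice's quota.
CREATE USER alice IDENTIFIED BY "placeholder-password-1" QUOTA 10M ON users;
CREATE USER bob   IDENTIFIED BY "placeholder-password-2";

-- As the DBA: controlling behavior with system privileges.
GRANT CREATE SESSION TO alice, bob;  -- the privilege to connect
GRANT CREATE TABLE   TO alice;       -- bob may connect but not create tables

-- As alice: the table is created in her own schema, ALICE.
CREATE TABLE project (
  project_id NUMBER        PRIMARY KEY,
  title      VARCHAR2(60)  NOT NULL,
  budget     NUMBER(12,2)
);

-- As alice: discretionary access control. The owner decides who may use the object.
GRANT SELECT ON project TO bob;           -- read only
GRANT UPDATE (budget) ON project TO bob;  -- column-level: budget and nothing else

-- As the DBA: a role groups privileges for one category of user.
CREATE ROLE project_leader;

-- As alice: grant object privileges to the role instead of to each person.
GRANT SELECT, INSERT, UPDATE ON project TO project_leader;

-- As the DBA: role membership is all a new project leader needs.
GRANT project_leader TO bob;

-- As alice: withdraw the direct grant; bob keeps what the role gives him.
REVOKE UPDATE ON project FROM bob;

-- As alice: review grants made on her objects (held in the data dictionary).
SELECT grantee, table_name, privilege, grantable
FROM   user_tab_privs_made;

-- As the DBA: review system privileges and role membership.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  grantee IN ('ALICE', 'BOB');

SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  granted_role = 'PROJECT_LEADER';
```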